package net.koodar.forge.security.config;

import net.koodar.forge.common.domain.model.AppUserDetails;
import net.koodar.forge.security.serive.SecurityPermissionCheckService;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.core.Authentication;

/**
 * @author liyc
 */
@Configuration
@EnableMethodSecurity
public class SecurityMethodConfig {

    @Bean("forgeAuth")
    public SecurityPermissionCheckService securityPermissionCheckService() {
        return new SecurityPermissionCheckService() {
            @Override
            public boolean checkPermission(Authentication authentication, String permission) {
                AppUserDetails loginEmployeeDetail = (AppUserDetails) authentication.getPrincipal();
                if (loginEmployeeDetail.getAdministratorFlag()) {
                    return true;
                }
                return super.permissionJudge(loginEmployeeDetail, permission);
            }
        };
    }
}
